Cyber attack hits PC maker MSI, another GoAnywhere MFT victim and more.
Welcome to Cyber Security Today. It’s Monday, April 10th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Motherboard and laptop manufacturer MSI International has acknowledged being hit by a cyber attack. This comes after the Money Message ransomware gang said it hit the billion-dollar company. The affected systems have gradually resumed normal operations, MSI said. It doesn’t say whether the attackers got sensitive customer, employee or corporate information. The company, also known as Micro-Star, urges users to obtain firmware/BIOS updates only from its official website, and not to use files from any other source.
By the way, the Money Message ransomware group also lists a U.S. national pharmacy provider as a recent victim.
A Hawaii credit union has started mailing out data breach notices to 20,000 customers. It’s doing so after an employee’s email account was hacked in December. The attacker may have copied customer names, Social Security numbers and more.
A California provider of online behavioral health services is the latest victim of the Fortra GoAnywhere Managed File Transfer compromise. Brightline is notifying 27,000 American residents of a data breach caused by an attacker taking advantage of a vulnerability in GoAnywhere MFT. The attacker could have copied names, addresses, dates of birth, phone numbers, a patient’s employer’s name and their group health insurance ID number.
Employees have to be regularly reminded to never download pirated software. Free and unapproved versions of commercial software always come with malware. The latest victim was a utility in Ukraine. That country’s computer emergency response team admitted last week that one of the country’s utilities was infected with a remote access trojan earlier this year. How? An employee downloaded a pirated version of Microsoft Office. Ukrainian organizations are under stress because of the war, but taking a shortcut makes things worse. On the other hand, a commentator for the SANS Institute noted that one employee’s compromised computer shouldn’t lead to the entire organization being compromised. It’s up to IT leaders to structure the network so that a single infected machine can’t reach everything else.
HP is warning printer administrators running certain models of LaserJet devices to take precautions because of a critical vulnerability. Some models of Enterprise LaserJet and LaserJet Managed Printers are vulnerable if IPsec is enabled. The problem is in devices running HP FutureSmart version 5.6 firmware. Until HP issues updated firmware, the firmware should be rolled back to version 5.5.0.3.
Tesla employees have been sharing videos that were recorded by the cars’ cameras, according to the Reuters news agency. Car crashes, road-rage incidents and even a naked man approaching one of the cars were shared among employees. Tesla’s customer privacy policy says camera recordings remain anonymous and are not linked to the car owner. But the story says former employees told a reporter that a computer program could show the location of the recordings. On Friday, a day after that story was released, a Tesla owner started a class-action lawsuit in California. A judge will have to approve the court action.
It’s not only Tesla employees that have been doing allegedly dodgy things. According to news reports, Samsung employees have been inadvertently leaking sensitive company information by using ChatGPT. You may not realize it, but ChatGPT is a public internet-connected database: Anything a user uploads for searching can be seen by anyone else using ChatGPT. A Samsung employee copied the source code from a faulty semiconductor database into ChatGPT so it could help them find a fix. But that meant the code was potentially available to the world. Similarly, when an employee uploaded a recording of a meeting and asked ChatGPT to create minutes of the meeting, whatever was discussed at that meeting could be accessed by anyone. The lesson: Every organization has to create an employee policy for the proper use — or non-use — of ChatGPT and similar internet-connected search systems.
Twitter has been releasing some of its code to the open-source community. But the release at the end of March of its tweet recommendation engine had an inadvertent effect: A portion of it has been declared a vulnerability by Mitre. Mitre oversees the Common Vulnerabilities and Exposures list, or CVE. Why add this portion of Twitter code? Because it could allow an attacker to arrange for multiple Twitter accounts to co-ordinate the unfollowing, muting or blocking of someone’s account. Another way of describing this is the ability to cause a denial of service against a victim. The news service The Register asked Twitter for comment. All it got in reply was a poop emoji.
A German-language Swiss newspaper continues to struggle to print after what is reported to have been a ransomware attack two weeks ago. The Neue Zürcher Zeitung had to pre-produce last Saturday’s paper two days in advance. Not only that, instead of producing 16 local editions it’s only able to produce four. However, the online version of the daily publication is unaffected.
Last week I reported that hard drive and storage provider Western Digital had suffered a cyber attack affecting its My Cloud Home and SanDisk ibi services. The company now says users can access backup files stored locally by enabling the Local Access feature. To do so, they first log into the Dashboard.
When the BreachForums and Genesis criminal marketplaces were shut by police last month, there was speculation on where crooks would go to buy and sell malware and stolen data. One possibility is a hacking group called Ares. According to researchers at Cyfirma, Ares has been active since December 2021. Since then it’s been selling zero-day vulnerabilities and stolen databases. After BreachForums closed, the number of postings on the Ares data leak site increased. In addition, at the end of March Ares launched a forums site where eligible participants can discuss what they are buying and selling. Ares has a number of partners, including the RansomHouse ransomware gang and several hacking groups. From these and other actions, Cyfirma thinks Ares is positioning itself to be a significant cybercriminal player.
Finally, if you have an iPhone or iPad make sure it’s running the latest security patch. On Friday Apple pushed out a major security update for those devices. They should update automatically, but it doesn’t hurt to check. They should be running version 16.4.1 of the operating system. If you try to update but the device stays on version 15 or lower, it no longer accepts operating system patches. Consider it risky to use for email or for buying products online. Time to get a new phone or tablet.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.